DRAFT - IN PROGRESS
Deadline for finalizing the survey questions is Monday 21-Feb-2011. After this date we will put the survey questions into SurveyMonkey for data collection.
NOTE: You must be logged in to edit, see access instructions at http://middleware.internet2.edu/docs/internet2-spaces-instructions-200703.html
OR send mail with your comments and suggestions to Steve Olshansky, MACE-Dir Flywheel <steveo AT internet2 DOT edu>.
---
Developing a survey about managing people entries, attributes, and affiliations from non-authoritative sources...
NOTE: Contact info is for internal purposes only, for use in contacting you later if questions arise. Any public reports will EXCLUDE your info unless you give us permission to include it.
- Name
- Title
- Institution
- May we identify you in public reports resulting from this survey?
Guest survey questions
- Trigger or initiation of a guest identity
- Who or what processes can trigger the provisioning of guest identity?
- Are guest identities in a separate store or in same store as identities of employees and students?
- Do guests have an explicit sponsor - an explicitly designated person or unit or system responsible for the guest identity?
- If a sponsor leaves the institution, does the status of the guest account change?
- Is approval required above the sponsor level (Dean, executive, IT office)?
- What is the maximum amount of time a person can be affiliated on a guest account?
- Do guest identities expire? How is expiration (or renewal) date determined and how associated with the identity (in an attribute for example)?
- Guest identity data
- What data is required about the guest? legal name, SS# or other government identifier, dob, email address, other?
- Is supplied data verified? Matched against existing systems of record?
- (How) is the source of this data retained? (save the paper or e-form, copy IDs,….)
- Do guest receive a netID or local equivalent in the same namespace as employees and students?
- If a separate namespace or assigning authority, how is namespace collision avoided?
- Is there an explicit flag designating guest origin of record? Inferred from other attributes (a naming convention say)?
- Is the guest's sponsor in the identity? How? (e.g., local attribute with DN of sponsor,…)
- Are guest accounts ever converted to permanent accounts using the same identifier?
- What eduPersonAffiliation values are or may be provisioned?
- Use of guest identity
-
- Does the guest identity receive automatically-provisioned accounts as do employees or students (e.g., automatically provisioned email account or address in the domain of the institution)?
- Do guests appear in the institutional on-line directory? Designated as guests? Sponsor shown with record?
- Does your institution try to avoid issuing an individual more than one guest account? If so, how is that managed?
- Is there any attempt to reuse guest accounts from past for the same individual or are new accounts always created?
- What is the maximum amount of time a person can be affiliated on a guest account?
- Can guests edit their record with self-service data (contact information, description, etc.)?
- How do guests receive an initial password or otherwise claim accounts with what latency?
- How do guests reset forgotten passwords?
- Can guests rely on external authentication (say, to Facebook or OpenID) for access to institutional information resources? With what restrictions or concerns? Do guests request this ability?